kdesu default super-user-command
Thomas Friedrichsmeier
thomas.friedrichsmeier at ruhr-uni-bochum.de
Thu Nov 22 21:14:06 GMT 2007
On Thursday 22 November 2007, Oswald Buddenhagen wrote:
> On Thu, Nov 22, 2007 at 07:45:47PM +0100, Thomas Friedrichsmeier wrote:
> > Yeah, except the "real" command is written to kdesu_stub's stdin, not
> > passed as a command-line option. I don't think sudo can handle *that*.
>
> oops. that should be reconsidered. wanna take a look?
Hm, I did take a short look, but not sure I really want to see this through.
Simply making the command to run a command-line option should be easy enough,
but would not be the end of the story.
kdesu_stub also asks for - among other things, which should be less
problematic(*) - a path, and in fact allows for a complete environment to be
specified via stdin. I suppose if that were to be allowed, then sudo
restrictions are effectively meaningless once again. So could we get rid of
that?
kdesu (the app) uses this to carry over kapp->startupId(), KDEHOME, and the
real user name. I suppose these could be turned into single options in
kdesu_stub to effectively restrict misuse.
The path is generally copied verbatim from the environment. No idea what could
be done about this.
Next problem is that SshProcess also uses kdesu_stub. I suppose in this case
the option to set a bunch of environment variables freely can be rather
useful. So for this context the possiblity to pass an environment via stdin
should probably be preserved. Which starts to smell like having to create an
entirely separate stub for SshProcess...
I guess I'm starting to understand why the ubuntu people have chosen to create
kdesudo as a kdesu drop-in-replacement (which unfortunately is not really
compatible, yet, and breaks several apps). Trying to *really* support both su
and sudo seems to be not entirely trivial using the current libkdesu.
Regards
Thomas
---------------
(*) Then there's also an xauth cookie. I don't pretend to understand the
security implications of this.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part.
URL: <http://mail.kde.org/pipermail/kde-core-devel/attachments/20071122/31a167d6/attachment.sig>
More information about the kde-core-devel
mailing list